You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 lines
992 B
24 lines
992 B
## Custom security policy for Google Camera App, the default camera application on Pixel devices.
|
|
##
|
|
## Google Camera App is a standard app for the most part, but on Pixel devices
|
|
## it has access to hardware accelerators such as Hexagon and Airbrush.
|
|
##
|
|
## This policy defines the extra rules necessary for that access,
|
|
## that reference private core sepolicy
|
|
|
|
# Duplicate all access that normal untrusted_app has, except for untrusted_app_domain
|
|
app_domain(google_camera_app)
|
|
net_domain(google_camera_app)
|
|
bluetooth_domain(google_camera_app)
|
|
|
|
# Write app-specific trace data to the Perfetto traced damon. This requires
|
|
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
|
|
allow google_camera_app traced:fd use;
|
|
allow google_camera_app traced_tmpfs:file { read write getattr map };
|
|
unix_socket_connect(google_camera_app, traced_producer, traced)
|
|
|
|
# Allow heap profiling if the app opts in by being marked
|
|
# profileable/debuggable.
|
|
can_profile_heap(google_camera_app)
|
|
|